cobaltstrike | 23ba6ac978148bff5f316f18090e2dce81f9827d52d2aedf128990191b321440

Analysis

max time kernel
149s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
03/06/2024, 10:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

23ba6ac978148bff5f316f18090e2dce81f9827d52d2aedf128990191b321440.exe
Size

5.9MB
MD5

5e0b876ee31988e175db3148e32da910
SHA1

22a4ca03ae4df75b89c80a281c766b129772032f
SHA256

23ba6ac978148bff5f316f18090e2dce81f9827d52d2aedf128990191b321440
SHA512

0f26ba3118f8ccde86f8210d6c89a6acc0b640a9ec70b86d76038787640ffab236ced44c03f30628bcfa6f3de5987fab8de0e7c8826e6b48445c44487ecaab10
SSDEEP

98304:BemTLkNdfE0pZrt56utgpPFotBER/mQ32lUl:Q+856utgpPF8u/7l

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 21 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral2/files/0x000900000002324b-5.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023251-10.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023253-11.dat	cobalt_reflective_dll
behavioral2/files/0x000800000002324f-22.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023254-29.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023255-36.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023256-43.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023257-48.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023259-53.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002325a-59.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002325b-66.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002325c-72.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002325d-79.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002325e-87.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002325f-91.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023261-100.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023262-107.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023263-111.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023264-118.dat	cobalt_reflective_dll
behavioral2/files/0x000200000001e32b-122.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023265-130.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/4244-0-0x00007FF7916E0000-0x00007FF791A34000-memory.dmp	xmrig
behavioral2/files/0x000900000002324b-5.dat	xmrig
behavioral2/memory/4664-8-0x00007FF6B5EE0000-0x00007FF6B6234000-memory.dmp	xmrig
behavioral2/files/0x0008000000023251-10.dat	xmrig
behavioral2/memory/4488-14-0x00007FF641E00000-0x00007FF642154000-memory.dmp	xmrig
behavioral2/files/0x0007000000023253-11.dat	xmrig
behavioral2/memory/4568-20-0x00007FF632970000-0x00007FF632CC4000-memory.dmp	xmrig
behavioral2/files/0x000800000002324f-22.dat	xmrig
behavioral2/memory/2600-26-0x00007FF700720000-0x00007FF700A74000-memory.dmp	xmrig
behavioral2/files/0x0007000000023254-29.dat	xmrig
behavioral2/memory/3484-30-0x00007FF668440000-0x00007FF668794000-memory.dmp	xmrig
behavioral2/files/0x0007000000023255-36.dat	xmrig
behavioral2/memory/1236-37-0x00007FF6F2B80000-0x00007FF6F2ED4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023256-43.dat	xmrig
behavioral2/memory/3172-42-0x00007FF743B00000-0x00007FF743E54000-memory.dmp	xmrig
behavioral2/files/0x0007000000023257-48.dat	xmrig
behavioral2/memory/3096-50-0x00007FF62EC00000-0x00007FF62EF54000-memory.dmp	xmrig
behavioral2/files/0x0007000000023259-53.dat	xmrig
behavioral2/files/0x000700000002325a-59.dat	xmrig
behavioral2/memory/4244-60-0x00007FF7916E0000-0x00007FF791A34000-memory.dmp	xmrig
behavioral2/files/0x000700000002325b-66.dat	xmrig
behavioral2/memory/2436-61-0x00007FF6B1CE0000-0x00007FF6B2034000-memory.dmp	xmrig
behavioral2/memory/3888-58-0x00007FF66E0B0000-0x00007FF66E404000-memory.dmp	xmrig
behavioral2/memory/4360-69-0x00007FF6466D0000-0x00007FF646A24000-memory.dmp	xmrig
behavioral2/files/0x000700000002325c-72.dat	xmrig
behavioral2/memory/4488-75-0x00007FF641E00000-0x00007FF642154000-memory.dmp	xmrig
behavioral2/memory/1448-76-0x00007FF66A740000-0x00007FF66AA94000-memory.dmp	xmrig
behavioral2/files/0x000700000002325d-79.dat	xmrig
behavioral2/memory/4568-81-0x00007FF632970000-0x00007FF632CC4000-memory.dmp	xmrig
behavioral2/memory/5080-83-0x00007FF72EB20000-0x00007FF72EE74000-memory.dmp	xmrig
behavioral2/files/0x000700000002325e-87.dat	xmrig
behavioral2/memory/3396-89-0x00007FF7A3320000-0x00007FF7A3674000-memory.dmp	xmrig
behavioral2/files/0x000700000002325f-91.dat	xmrig
behavioral2/memory/4020-96-0x00007FF7057E0000-0x00007FF705B34000-memory.dmp	xmrig
behavioral2/memory/3484-95-0x00007FF668440000-0x00007FF668794000-memory.dmp	xmrig
behavioral2/files/0x0007000000023261-100.dat	xmrig
behavioral2/memory/1236-102-0x00007FF6F2B80000-0x00007FF6F2ED4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023262-107.dat	xmrig
behavioral2/memory/4632-103-0x00007FF6EBB00000-0x00007FF6EBE54000-memory.dmp	xmrig
behavioral2/files/0x0007000000023263-111.dat	xmrig
behavioral2/memory/3172-112-0x00007FF743B00000-0x00007FF743E54000-memory.dmp	xmrig
behavioral2/files/0x0007000000023264-118.dat	xmrig
behavioral2/files/0x000200000001e32b-122.dat	xmrig
behavioral2/memory/2468-126-0x00007FF70C590000-0x00007FF70C8E4000-memory.dmp	xmrig
behavioral2/memory/2484-127-0x00007FF7D5150000-0x00007FF7D54A4000-memory.dmp	xmrig
behavioral2/memory/4968-129-0x00007FF6094B0000-0x00007FF609804000-memory.dmp	xmrig
behavioral2/memory/3508-125-0x00007FF6080E0000-0x00007FF608434000-memory.dmp	xmrig
behavioral2/files/0x0007000000023265-130.dat	xmrig
behavioral2/memory/3092-133-0x00007FF7955E0000-0x00007FF795934000-memory.dmp	xmrig
behavioral2/memory/2436-134-0x00007FF6B1CE0000-0x00007FF6B2034000-memory.dmp	xmrig
behavioral2/memory/4664-135-0x00007FF6B5EE0000-0x00007FF6B6234000-memory.dmp	xmrig
behavioral2/memory/4488-136-0x00007FF641E00000-0x00007FF642154000-memory.dmp	xmrig
behavioral2/memory/4568-137-0x00007FF632970000-0x00007FF632CC4000-memory.dmp	xmrig
behavioral2/memory/2600-138-0x00007FF700720000-0x00007FF700A74000-memory.dmp	xmrig
behavioral2/memory/3484-139-0x00007FF668440000-0x00007FF668794000-memory.dmp	xmrig
behavioral2/memory/1236-140-0x00007FF6F2B80000-0x00007FF6F2ED4000-memory.dmp	xmrig
behavioral2/memory/3172-141-0x00007FF743B00000-0x00007FF743E54000-memory.dmp	xmrig
behavioral2/memory/3096-142-0x00007FF62EC00000-0x00007FF62EF54000-memory.dmp	xmrig
behavioral2/memory/3888-143-0x00007FF66E0B0000-0x00007FF66E404000-memory.dmp	xmrig
behavioral2/memory/2436-144-0x00007FF6B1CE0000-0x00007FF6B2034000-memory.dmp	xmrig
behavioral2/memory/4360-145-0x00007FF6466D0000-0x00007FF646A24000-memory.dmp	xmrig
behavioral2/memory/1448-146-0x00007FF66A740000-0x00007FF66AA94000-memory.dmp	xmrig
behavioral2/memory/5080-147-0x00007FF72EB20000-0x00007FF72EE74000-memory.dmp	xmrig
behavioral2/memory/3396-148-0x00007FF7A3320000-0x00007FF7A3674000-memory.dmp	xmrig

Executes dropped EXE 21 IoCs

pid	Process
4664	PjuIizq.exe
4488	MGXwneF.exe
4568	MXSDmas.exe
2600	NfubbUM.exe
3484	kjqHhPq.exe
1236	kDmEsnZ.exe
3172	QvviTSU.exe
3096	dodfnxr.exe
3888	izbcYNb.exe
2436	jUJbmEn.exe
4360	ljGrrIk.exe
1448	RgjBSjQ.exe
5080	VnQVUBQ.exe
3396	RKlpQzd.exe
4020	qRXPzpM.exe
4632	HeAnpuu.exe
3508	LpKaeiR.exe
2468	GzJWqBC.exe
2484	jjXhruk.exe
4968	tZEhymn.exe
3092	qEDKbxN.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4244-0-0x00007FF7916E0000-0x00007FF791A34000-memory.dmp	upx
behavioral2/files/0x000900000002324b-5.dat	upx
behavioral2/memory/4664-8-0x00007FF6B5EE0000-0x00007FF6B6234000-memory.dmp	upx
behavioral2/files/0x0008000000023251-10.dat	upx
behavioral2/memory/4488-14-0x00007FF641E00000-0x00007FF642154000-memory.dmp	upx
behavioral2/files/0x0007000000023253-11.dat	upx
behavioral2/memory/4568-20-0x00007FF632970000-0x00007FF632CC4000-memory.dmp	upx
behavioral2/files/0x000800000002324f-22.dat	upx
behavioral2/memory/2600-26-0x00007FF700720000-0x00007FF700A74000-memory.dmp	upx
behavioral2/files/0x0007000000023254-29.dat	upx
behavioral2/memory/3484-30-0x00007FF668440000-0x00007FF668794000-memory.dmp	upx
behavioral2/files/0x0007000000023255-36.dat	upx
behavioral2/memory/1236-37-0x00007FF6F2B80000-0x00007FF6F2ED4000-memory.dmp	upx
behavioral2/files/0x0007000000023256-43.dat	upx
behavioral2/memory/3172-42-0x00007FF743B00000-0x00007FF743E54000-memory.dmp	upx
behavioral2/files/0x0007000000023257-48.dat	upx
behavioral2/memory/3096-50-0x00007FF62EC00000-0x00007FF62EF54000-memory.dmp	upx
behavioral2/files/0x0007000000023259-53.dat	upx
behavioral2/files/0x000700000002325a-59.dat	upx
behavioral2/memory/4244-60-0x00007FF7916E0000-0x00007FF791A34000-memory.dmp	upx
behavioral2/files/0x000700000002325b-66.dat	upx
behavioral2/memory/2436-61-0x00007FF6B1CE0000-0x00007FF6B2034000-memory.dmp	upx
behavioral2/memory/3888-58-0x00007FF66E0B0000-0x00007FF66E404000-memory.dmp	upx
behavioral2/memory/4360-69-0x00007FF6466D0000-0x00007FF646A24000-memory.dmp	upx
behavioral2/files/0x000700000002325c-72.dat	upx
behavioral2/memory/4488-75-0x00007FF641E00000-0x00007FF642154000-memory.dmp	upx
behavioral2/memory/1448-76-0x00007FF66A740000-0x00007FF66AA94000-memory.dmp	upx
behavioral2/files/0x000700000002325d-79.dat	upx
behavioral2/memory/4568-81-0x00007FF632970000-0x00007FF632CC4000-memory.dmp	upx
behavioral2/memory/5080-83-0x00007FF72EB20000-0x00007FF72EE74000-memory.dmp	upx
behavioral2/files/0x000700000002325e-87.dat	upx
behavioral2/memory/3396-89-0x00007FF7A3320000-0x00007FF7A3674000-memory.dmp	upx
behavioral2/files/0x000700000002325f-91.dat	upx
behavioral2/memory/4020-96-0x00007FF7057E0000-0x00007FF705B34000-memory.dmp	upx
behavioral2/memory/3484-95-0x00007FF668440000-0x00007FF668794000-memory.dmp	upx
behavioral2/files/0x0007000000023261-100.dat	upx
behavioral2/memory/1236-102-0x00007FF6F2B80000-0x00007FF6F2ED4000-memory.dmp	upx
behavioral2/files/0x0007000000023262-107.dat	upx
behavioral2/memory/4632-103-0x00007FF6EBB00000-0x00007FF6EBE54000-memory.dmp	upx
behavioral2/files/0x0007000000023263-111.dat	upx
behavioral2/memory/3172-112-0x00007FF743B00000-0x00007FF743E54000-memory.dmp	upx
behavioral2/files/0x0007000000023264-118.dat	upx
behavioral2/files/0x000200000001e32b-122.dat	upx
behavioral2/memory/2468-126-0x00007FF70C590000-0x00007FF70C8E4000-memory.dmp	upx
behavioral2/memory/2484-127-0x00007FF7D5150000-0x00007FF7D54A4000-memory.dmp	upx
behavioral2/memory/4968-129-0x00007FF6094B0000-0x00007FF609804000-memory.dmp	upx
behavioral2/memory/3508-125-0x00007FF6080E0000-0x00007FF608434000-memory.dmp	upx
behavioral2/files/0x0007000000023265-130.dat	upx
behavioral2/memory/3092-133-0x00007FF7955E0000-0x00007FF795934000-memory.dmp	upx
behavioral2/memory/2436-134-0x00007FF6B1CE0000-0x00007FF6B2034000-memory.dmp	upx
behavioral2/memory/4664-135-0x00007FF6B5EE0000-0x00007FF6B6234000-memory.dmp	upx
behavioral2/memory/4488-136-0x00007FF641E00000-0x00007FF642154000-memory.dmp	upx
behavioral2/memory/4568-137-0x00007FF632970000-0x00007FF632CC4000-memory.dmp	upx
behavioral2/memory/2600-138-0x00007FF700720000-0x00007FF700A74000-memory.dmp	upx
behavioral2/memory/3484-139-0x00007FF668440000-0x00007FF668794000-memory.dmp	upx
behavioral2/memory/1236-140-0x00007FF6F2B80000-0x00007FF6F2ED4000-memory.dmp	upx
behavioral2/memory/3172-141-0x00007FF743B00000-0x00007FF743E54000-memory.dmp	upx
behavioral2/memory/3096-142-0x00007FF62EC00000-0x00007FF62EF54000-memory.dmp	upx
behavioral2/memory/3888-143-0x00007FF66E0B0000-0x00007FF66E404000-memory.dmp	upx
behavioral2/memory/2436-144-0x00007FF6B1CE0000-0x00007FF6B2034000-memory.dmp	upx
behavioral2/memory/4360-145-0x00007FF6466D0000-0x00007FF646A24000-memory.dmp	upx
behavioral2/memory/1448-146-0x00007FF66A740000-0x00007FF66AA94000-memory.dmp	upx
behavioral2/memory/5080-147-0x00007FF72EB20000-0x00007FF72EE74000-memory.dmp	upx
behavioral2/memory/3396-148-0x00007FF7A3320000-0x00007FF7A3674000-memory.dmp	upx

Drops file in Windows directory 21 IoCs

description	ioc	Process
File created	C:\Windows\System\NfubbUM.exe	23ba6ac978148bff5f316f18090e2dce81f9827d52d2aedf128990191b321440.exe
File created	C:\Windows\System\RgjBSjQ.exe	23ba6ac978148bff5f316f18090e2dce81f9827d52d2aedf128990191b321440.exe
File created	C:\Windows\System\RKlpQzd.exe	23ba6ac978148bff5f316f18090e2dce81f9827d52d2aedf128990191b321440.exe
File created	C:\Windows\System\GzJWqBC.exe	23ba6ac978148bff5f316f18090e2dce81f9827d52d2aedf128990191b321440.exe
File created	C:\Windows\System\MXSDmas.exe	23ba6ac978148bff5f316f18090e2dce81f9827d52d2aedf128990191b321440.exe
File created	C:\Windows\System\jUJbmEn.exe	23ba6ac978148bff5f316f18090e2dce81f9827d52d2aedf128990191b321440.exe
File created	C:\Windows\System\qRXPzpM.exe	23ba6ac978148bff5f316f18090e2dce81f9827d52d2aedf128990191b321440.exe
File created	C:\Windows\System\LpKaeiR.exe	23ba6ac978148bff5f316f18090e2dce81f9827d52d2aedf128990191b321440.exe
File created	C:\Windows\System\jjXhruk.exe	23ba6ac978148bff5f316f18090e2dce81f9827d52d2aedf128990191b321440.exe
File created	C:\Windows\System\PjuIizq.exe	23ba6ac978148bff5f316f18090e2dce81f9827d52d2aedf128990191b321440.exe
File created	C:\Windows\System\MGXwneF.exe	23ba6ac978148bff5f316f18090e2dce81f9827d52d2aedf128990191b321440.exe
File created	C:\Windows\System\kjqHhPq.exe	23ba6ac978148bff5f316f18090e2dce81f9827d52d2aedf128990191b321440.exe
File created	C:\Windows\System\QvviTSU.exe	23ba6ac978148bff5f316f18090e2dce81f9827d52d2aedf128990191b321440.exe
File created	C:\Windows\System\ljGrrIk.exe	23ba6ac978148bff5f316f18090e2dce81f9827d52d2aedf128990191b321440.exe
File created	C:\Windows\System\VnQVUBQ.exe	23ba6ac978148bff5f316f18090e2dce81f9827d52d2aedf128990191b321440.exe
File created	C:\Windows\System\HeAnpuu.exe	23ba6ac978148bff5f316f18090e2dce81f9827d52d2aedf128990191b321440.exe
File created	C:\Windows\System\tZEhymn.exe	23ba6ac978148bff5f316f18090e2dce81f9827d52d2aedf128990191b321440.exe
File created	C:\Windows\System\qEDKbxN.exe	23ba6ac978148bff5f316f18090e2dce81f9827d52d2aedf128990191b321440.exe
File created	C:\Windows\System\kDmEsnZ.exe	23ba6ac978148bff5f316f18090e2dce81f9827d52d2aedf128990191b321440.exe
File created	C:\Windows\System\dodfnxr.exe	23ba6ac978148bff5f316f18090e2dce81f9827d52d2aedf128990191b321440.exe
File created	C:\Windows\System\izbcYNb.exe	23ba6ac978148bff5f316f18090e2dce81f9827d52d2aedf128990191b321440.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	4244	23ba6ac978148bff5f316f18090e2dce81f9827d52d2aedf128990191b321440.exe
Token: SeLockMemoryPrivilege	4244	23ba6ac978148bff5f316f18090e2dce81f9827d52d2aedf128990191b321440.exe

Suspicious use of WriteProcessMemory 42 IoCs

description	pid	Process	procid_target
PID 4244 wrote to memory of 4664	4244	23ba6ac978148bff5f316f18090e2dce81f9827d52d2aedf128990191b321440.exe	93
PID 4244 wrote to memory of 4664	4244	23ba6ac978148bff5f316f18090e2dce81f9827d52d2aedf128990191b321440.exe	93
PID 4244 wrote to memory of 4488	4244	23ba6ac978148bff5f316f18090e2dce81f9827d52d2aedf128990191b321440.exe	94
PID 4244 wrote to memory of 4488	4244	23ba6ac978148bff5f316f18090e2dce81f9827d52d2aedf128990191b321440.exe	94
PID 4244 wrote to memory of 4568	4244	23ba6ac978148bff5f316f18090e2dce81f9827d52d2aedf128990191b321440.exe	95
PID 4244 wrote to memory of 4568	4244	23ba6ac978148bff5f316f18090e2dce81f9827d52d2aedf128990191b321440.exe	95
PID 4244 wrote to memory of 2600	4244	23ba6ac978148bff5f316f18090e2dce81f9827d52d2aedf128990191b321440.exe	96
PID 4244 wrote to memory of 2600	4244	23ba6ac978148bff5f316f18090e2dce81f9827d52d2aedf128990191b321440.exe	96
PID 4244 wrote to memory of 3484	4244	23ba6ac978148bff5f316f18090e2dce81f9827d52d2aedf128990191b321440.exe	97
PID 4244 wrote to memory of 3484	4244	23ba6ac978148bff5f316f18090e2dce81f9827d52d2aedf128990191b321440.exe	97
PID 4244 wrote to memory of 1236	4244	23ba6ac978148bff5f316f18090e2dce81f9827d52d2aedf128990191b321440.exe	98
PID 4244 wrote to memory of 1236	4244	23ba6ac978148bff5f316f18090e2dce81f9827d52d2aedf128990191b321440.exe	98
PID 4244 wrote to memory of 3172	4244	23ba6ac978148bff5f316f18090e2dce81f9827d52d2aedf128990191b321440.exe	99
PID 4244 wrote to memory of 3172	4244	23ba6ac978148bff5f316f18090e2dce81f9827d52d2aedf128990191b321440.exe	99
PID 4244 wrote to memory of 3096	4244	23ba6ac978148bff5f316f18090e2dce81f9827d52d2aedf128990191b321440.exe	100
PID 4244 wrote to memory of 3096	4244	23ba6ac978148bff5f316f18090e2dce81f9827d52d2aedf128990191b321440.exe	100
PID 4244 wrote to memory of 3888	4244	23ba6ac978148bff5f316f18090e2dce81f9827d52d2aedf128990191b321440.exe	101
PID 4244 wrote to memory of 3888	4244	23ba6ac978148bff5f316f18090e2dce81f9827d52d2aedf128990191b321440.exe	101
PID 4244 wrote to memory of 2436	4244	23ba6ac978148bff5f316f18090e2dce81f9827d52d2aedf128990191b321440.exe	102
PID 4244 wrote to memory of 2436	4244	23ba6ac978148bff5f316f18090e2dce81f9827d52d2aedf128990191b321440.exe	102
PID 4244 wrote to memory of 4360	4244	23ba6ac978148bff5f316f18090e2dce81f9827d52d2aedf128990191b321440.exe	103
PID 4244 wrote to memory of 4360	4244	23ba6ac978148bff5f316f18090e2dce81f9827d52d2aedf128990191b321440.exe	103
PID 4244 wrote to memory of 1448	4244	23ba6ac978148bff5f316f18090e2dce81f9827d52d2aedf128990191b321440.exe	104
PID 4244 wrote to memory of 1448	4244	23ba6ac978148bff5f316f18090e2dce81f9827d52d2aedf128990191b321440.exe	104
PID 4244 wrote to memory of 5080	4244	23ba6ac978148bff5f316f18090e2dce81f9827d52d2aedf128990191b321440.exe	105
PID 4244 wrote to memory of 5080	4244	23ba6ac978148bff5f316f18090e2dce81f9827d52d2aedf128990191b321440.exe	105
PID 4244 wrote to memory of 3396	4244	23ba6ac978148bff5f316f18090e2dce81f9827d52d2aedf128990191b321440.exe	106
PID 4244 wrote to memory of 3396	4244	23ba6ac978148bff5f316f18090e2dce81f9827d52d2aedf128990191b321440.exe	106
PID 4244 wrote to memory of 4020	4244	23ba6ac978148bff5f316f18090e2dce81f9827d52d2aedf128990191b321440.exe	107
PID 4244 wrote to memory of 4020	4244	23ba6ac978148bff5f316f18090e2dce81f9827d52d2aedf128990191b321440.exe	107
PID 4244 wrote to memory of 4632	4244	23ba6ac978148bff5f316f18090e2dce81f9827d52d2aedf128990191b321440.exe	108
PID 4244 wrote to memory of 4632	4244	23ba6ac978148bff5f316f18090e2dce81f9827d52d2aedf128990191b321440.exe	108
PID 4244 wrote to memory of 3508	4244	23ba6ac978148bff5f316f18090e2dce81f9827d52d2aedf128990191b321440.exe	109
PID 4244 wrote to memory of 3508	4244	23ba6ac978148bff5f316f18090e2dce81f9827d52d2aedf128990191b321440.exe	109
PID 4244 wrote to memory of 2468	4244	23ba6ac978148bff5f316f18090e2dce81f9827d52d2aedf128990191b321440.exe	110
PID 4244 wrote to memory of 2468	4244	23ba6ac978148bff5f316f18090e2dce81f9827d52d2aedf128990191b321440.exe	110
PID 4244 wrote to memory of 2484	4244	23ba6ac978148bff5f316f18090e2dce81f9827d52d2aedf128990191b321440.exe	111
PID 4244 wrote to memory of 2484	4244	23ba6ac978148bff5f316f18090e2dce81f9827d52d2aedf128990191b321440.exe	111
PID 4244 wrote to memory of 4968	4244	23ba6ac978148bff5f316f18090e2dce81f9827d52d2aedf128990191b321440.exe	112
PID 4244 wrote to memory of 4968	4244	23ba6ac978148bff5f316f18090e2dce81f9827d52d2aedf128990191b321440.exe	112
PID 4244 wrote to memory of 3092	4244	23ba6ac978148bff5f316f18090e2dce81f9827d52d2aedf128990191b321440.exe	113
PID 4244 wrote to memory of 3092	4244	23ba6ac978148bff5f316f18090e2dce81f9827d52d2aedf128990191b321440.exe	113

C:\Users\Admin\AppData\Local\Temp\23ba6ac978148bff5f316f18090e2dce81f9827d52d2aedf128990191b321440.exe
"C:\Users\Admin\AppData\Local\Temp\23ba6ac978148bff5f316f18090e2dce81f9827d52d2aedf128990191b321440.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4244
- C:\Windows\System\PjuIizq.exe
  C:\Windows\System\PjuIizq.exe
  2⤵
  - Executes dropped EXE
  PID:4664
- C:\Windows\System\MGXwneF.exe
  C:\Windows\System\MGXwneF.exe
  2⤵
  - Executes dropped EXE
  PID:4488
- C:\Windows\System\MXSDmas.exe
  C:\Windows\System\MXSDmas.exe
  2⤵
  - Executes dropped EXE
  PID:4568
- C:\Windows\System\NfubbUM.exe
  C:\Windows\System\NfubbUM.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\kjqHhPq.exe
  C:\Windows\System\kjqHhPq.exe
  2⤵
  - Executes dropped EXE
  PID:3484
- C:\Windows\System\kDmEsnZ.exe
  C:\Windows\System\kDmEsnZ.exe
  2⤵
  - Executes dropped EXE
  PID:1236
- C:\Windows\System\QvviTSU.exe
  C:\Windows\System\QvviTSU.exe
  2⤵
  - Executes dropped EXE
  PID:3172
- C:\Windows\System\dodfnxr.exe
  C:\Windows\System\dodfnxr.exe
  2⤵
  - Executes dropped EXE
  PID:3096
- C:\Windows\System\izbcYNb.exe
  C:\Windows\System\izbcYNb.exe
  2⤵
  - Executes dropped EXE
  PID:3888
- C:\Windows\System\jUJbmEn.exe
  C:\Windows\System\jUJbmEn.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\ljGrrIk.exe
  C:\Windows\System\ljGrrIk.exe
  2⤵
  - Executes dropped EXE
  PID:4360
- C:\Windows\System\RgjBSjQ.exe
  C:\Windows\System\RgjBSjQ.exe
  2⤵
  - Executes dropped EXE
  PID:1448
- C:\Windows\System\VnQVUBQ.exe
  C:\Windows\System\VnQVUBQ.exe
  2⤵
  - Executes dropped EXE
  PID:5080
- C:\Windows\System\RKlpQzd.exe
  C:\Windows\System\RKlpQzd.exe
  2⤵
  - Executes dropped EXE
  PID:3396
- C:\Windows\System\qRXPzpM.exe
  C:\Windows\System\qRXPzpM.exe
  2⤵
  - Executes dropped EXE
  PID:4020
- C:\Windows\System\HeAnpuu.exe
  C:\Windows\System\HeAnpuu.exe
  2⤵
  - Executes dropped EXE
  PID:4632
- C:\Windows\System\LpKaeiR.exe
  C:\Windows\System\LpKaeiR.exe
  2⤵
  - Executes dropped EXE
  PID:3508
- C:\Windows\System\GzJWqBC.exe
  C:\Windows\System\GzJWqBC.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\jjXhruk.exe
  C:\Windows\System\jjXhruk.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\tZEhymn.exe
  C:\Windows\System\tZEhymn.exe
  2⤵
  - Executes dropped EXE
  PID:4968
- C:\Windows\System\qEDKbxN.exe
  C:\Windows\System\qEDKbxN.exe
  2⤵
  - Executes dropped EXE
  PID:3092

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4092 --field-trial-handle=2276,i,11674642242468042059,14711253743544118298,262144 --variations-seed-version /prefetch:8
1⤵
PID:4680

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\GzJWqBC.exe

Filesize
5.9MB

MD5
6ca43a6d0e9986eedd159d388eb3e8fa

SHA1
18a2b2a1e2b46ca4e6a2a8eb7b7ab3d6dac1f503

SHA256
d478dbd52a308d7e8e7bc1cb959d4c35e8e8922240ade7682983f4d3f843eff9

SHA512
c51351cb305e379a940f189361bb9b5c17fe51caa25aeaa942a12cade42dcdccdea220e970a719a90081297abd805e8539e8f42d5031adcb0236161c803ebd4b

Download Submit
C:\Windows\System\HeAnpuu.exe

Filesize
5.9MB

MD5
ef653e622d60e5eaa9e65c99c8ccabf2

SHA1
7291fdf1fd0817f93d338e74d5b05b2303ee4d3c

SHA256
e484e3c0398ad5d7cbd4ff86df8ff8b712dfb6352cca8b74d1e6d8680413a386

SHA512
0bdca1abdaaedcbb5a1d408479f0747b73ebf95e7bb0113795fd8a842ca71bdf84a5fa6823a19955578a42f8bc486a278f8597af960286a46b701145b15da0e4

Download Submit
C:\Windows\System\LpKaeiR.exe

Filesize
5.9MB

MD5
1069893a67d3e430b389229dde0b40dd

SHA1
57c5778f7e6b4c5bb36edeef913e4cad59d36173

SHA256
7bd4da66743699f492045c23320532165f9ce77279baf32ae006d3b19c2d95ed

SHA512
4ce7d3ec9cb21cf6bdf845869db21b0b9e4dac0114540bdb4893efba14dfd419bfe97f753c7b6413e58b8f9513b38404b37fe7dfebfd4d330d81e959ac3f88d3

Download Submit
C:\Windows\System\MGXwneF.exe

Filesize
5.9MB

MD5
d7eb43ab1d17c70a9ac0e7e50a12af74

SHA1
c7b507e7ece82ccb113890ed90ce4be21d267451

SHA256
07c9b3c2af29a1bad30795b5ecef068337a496a4ad871a309153736d88c650dc

SHA512
83b3134762922f3adca0ef5ca5d517dafc4a6217774be3e62109311f5e4a19f1be3d373bb92854859dd3d787e3aa550f3febcc67caf7b29cc7a84fc85fc98dfd

Download Submit
C:\Windows\System\MXSDmas.exe

Filesize
5.9MB

MD5
b3809fbb06da58a9867e3dd81a014704

SHA1
3f83999a7ae30432bbb01499b2b22bfbc7b128d0

SHA256
7b299937541f77d36b6a2ede1c151b837b97dc832357c4397292a1151bcfc222

SHA512
5acaf0550c408bc43e0a959261f5b1f3ee69c57cf76cd548eb1f734851515ce02e236f5d8b56cdbfb84655349e4b81502fd4fd0dbeb6cb1016a051f92a740172

Download Submit
C:\Windows\System\NfubbUM.exe

Filesize
5.9MB

MD5
9eaa14c67e4ff12e3fbbb2817e98e646

SHA1
f7141537af5c085f22199c27d95937f3121ffb73

SHA256
a5d2835aefa34d5b3a4ac9d0dd85abe2e1418ea815e139cd44fa21d0fa9efde8

SHA512
e80971aad48aac594f6c7b08f683c4563f93626ff4b28a2a6d749ebf53cb928b028580df57c7bc6eafea9208474cbb9acc92fe1a6a6d04ce5ec9e32919112eb9

Download Submit
C:\Windows\System\PjuIizq.exe

Filesize
5.9MB

MD5
d1f96cfceac93c0f80f2d6650c38e58b

SHA1
36553efd4612a5cc83d7d1068d7ed9e86378e23f

SHA256
042b0f8b42da388ac38e6737e0b1301977d92876de1313a37f957111105664b6

SHA512
2c9081faedfe7a7c0e1a9639b68cc64087602029516cf34b3142e96f13e2dbb9401e1f05c273bc2f0b9b07711a6b1bc36ce5a8080dcb4d23ade45d0f37a0c650

Download Submit
C:\Windows\System\QvviTSU.exe

Filesize
5.9MB

MD5
2e4da6b7769c9b6bf51c09e24f27e573

SHA1
f5ea029ad15c15552161989bdb68d3df44a21b9e

SHA256
ac8bf8cab52fa776e437096268a6d782dadbe08aa78325fa5a97cbd9583b49a2

SHA512
923cbeb6688899552c0b5a94d9a7a4d448866f9ee875111661e2251c20af12717ac616b40dec6dd98fdc5f688af7d5ae0b77fc07cd566744f89256882e38ef43

Download Submit
C:\Windows\System\RKlpQzd.exe

Filesize
5.9MB

MD5
e33e979d81c1048964f64c06920bb6f7

SHA1
a4b686fcb38b44ec6f08343789e3685595578aa7

SHA256
c68908577a3460de66d5f7cda2ec05ac36fb3eec14f0a73c59e5ce614418bbc9

SHA512
0d603da2c9ad3590f8af54e04ef8171565741dbd188896abd594b0460e439f0121ab696bacebd2bc733b9da5964da148952a3d979df4691bdd37014994b0b8e7

Download Submit
C:\Windows\System\RgjBSjQ.exe

Filesize
5.9MB

MD5
a4337d3fdc595807180680bf0adbc7eb

SHA1
9e250a7b2598971b9779d404371b1aff9ff45296

SHA256
e743a2ed3b66edbfe1656ff53ca42a57b626dabbcac4e8e952bfc9ff8471270a

SHA512
a63b6e8c8878ed8bf0bf2abc9e6f1a983124cda9e26c87146ba815ce7d92e4c993f1fe1e3064235c3bd2fa3b44934f670278c652a667d5305c5d7ca2943f9d1f

Download Submit
C:\Windows\System\VnQVUBQ.exe

Filesize
5.9MB

MD5
d22f59e9ff1e273db2d65cec8d866309

SHA1
1c83fe461a5f640415334f6dddd0e92fd8a05deb

SHA256
df2e1f5b97ebbd32f67a64014346dc0e71fc1f108a50dba9ce01ba6844e1790c

SHA512
13ba2960136ceec820bcb0f59923e8fad1889f15e09cd72883eeed7fac4b71189068f9bc3f8334f29dd9446755eccafee88ef02837cac3c4f38969fa313fcc73

Download Submit
C:\Windows\System\dodfnxr.exe

Filesize
5.9MB

MD5
3b6cfe1c66e97d517db466a01420239b

SHA1
e6be65655671bbbcb53f91f8f3e43d8d22c8496f

SHA256
c53c0c265770b963646698480f651c59b5310927995062a8a6424690e3cada3f

SHA512
fdffa93100d1fa4b8792023ecd7ed4647e0cf28e39593e9334b996a10db3cb7be042fa75a15f02a51375f99a2e8c18084771c829db2351f2dcbaa0f84e0b984c

Download Submit
C:\Windows\System\izbcYNb.exe

Filesize
5.9MB

MD5
cfc17c6b7e33f32bd3a610b440eb0687

SHA1
08a7411a0282e34e90ecf719d1af5628ca46bd26

SHA256
e1ff4d1f312ac60cfa9b47021e4a329eb908e912164895c70e32f83e9885a302

SHA512
11149c307228a01da4c58a180a743e1b924cc84dc703868a230ee398cb5e6c383157f9d20721fdfb976c4d5bedcf345f4c2b91047bf623bebd029e80cec95554

Download Submit
C:\Windows\System\jUJbmEn.exe

Filesize
5.9MB

MD5
fa36416de5586a31b5d198fb8e9a4907

SHA1
969255238f35cb68a36f4a0c8c243bdd134046df

SHA256
7a57b59a06c67f0d23c5974779bd3239087ec66f761ac881dec636d424c99544

SHA512
ae9314a87e4dc02638c2d41e88d3c65b25d394db1aaf517fbd62276649cb80958206f07f1981a266822fc92ddd2b23bf108bcced76be709af2512206b8483d7e

Download Submit
C:\Windows\System\jjXhruk.exe

Filesize
5.9MB

MD5
837ff6815067ac814b8bb6eb658b393f

SHA1
efc5dca5668c90ecb28197d677f2c8be086bb2e0

SHA256
747a65a07f87090169e87fac89aa382f27425995764399f2afbd759a5b79c354

SHA512
8fd01d389ded8d3a6a10e123f9464d65bddc5c2f3159ddafedf9303079c53247cd157ac4c68fd9b59f3ca467e9df51d302c8fe50de821a9d4339d92708a529bf

Download Submit
C:\Windows\System\kDmEsnZ.exe

Filesize
5.9MB

MD5
8073e82d39a495f1e33b1fdb7d7675bc

SHA1
272178f0b9b78c1e930e807ea0248110547843a0

SHA256
debd7bdbd3581e4427b1380ecb695e04e6c0eb3256ee9b5464dffe8213456311

SHA512
0b681f6fcb060a45217aab36e8d5716060a89d7152e8f271f7d788f1f417217a74130dad2dc09d904ea103bc0ab3fd142d867d9b05e244c040ca5eaa34e19095

Download Submit
C:\Windows\System\kjqHhPq.exe

Filesize
5.9MB

MD5
6ab0aa1a3f1b3dc8fe825210a1fd7d6b

SHA1
f9fcbf9c3d5ee9200b6d2de1ffa8fcf3aa9bc03a

SHA256
fe46963dda41070e9ec5c01d2b861b32a3d1e006bcd0197dffa6021b3b24114a

SHA512
6982aace080faff6905e9bb3b60146353df2fb02db7c32ee23b2b02526808e7e400e50dbf9c136065b4f945b8cf7c0d88e6fbac646260951148a0c1d0e175983

Download Submit
C:\Windows\System\ljGrrIk.exe

Filesize
5.9MB

MD5
c51b6ab49f200048aae8bf83ad9cb25a

SHA1
bb263353d65f65460cb482eacfe5211ce4dfdae3

SHA256
77a17d8fab7b61517bbc25e7f05e24b13470d158172e5f44fac41a5ef3ab8125

SHA512
42f85ac4fe1923033df3e68da4f460c971269723a8a088604ad96ef9ece240685f94ea221c66188c956537e77250e86049efa03d521daa36aa88559d3b8d2672

Download Submit
C:\Windows\System\qEDKbxN.exe

Filesize
5.9MB

MD5
6ab5e875e42d24d9b54e78761fa43d94

SHA1
d86c2676efb94d2e38f46e92aed8a08aefdbb9c0

SHA256
9aefbd280d6a52dd42913446eda015f0c52f13f132f12cbad7e56d2405d4ce5b

SHA512
928211afc86ceca6edaf005035254543a1333e788d8d9cbec9f3173a346c178e2f6f65780e1e742d3992339886dc57ee77a5c7de8b1305d5a46fc81b5980a4ab

Download Submit
C:\Windows\System\qRXPzpM.exe

Filesize
5.9MB

MD5
8aeb628351cced1c8cccc019328b9752

SHA1
bda2e0f39ba7bd5520f19938766c487c8771eb9b

SHA256
8fa07b9ab40150ace29c6315274a6ae80e41372f3d9893c1404926a89c424171

SHA512
9abcb8f4986ab5326efe8f8181c80e92352571d72f29a854e74f3dcacc3e56d1f6cece61d0748477bc8e6e1031667911d99328b010a555fbaa564e88adc2dd6c

Download Submit
C:\Windows\System\tZEhymn.exe

Filesize
5.9MB

MD5
ce960942951339de14f6a7fe282fef3c

SHA1
680486b8d364abc4b451af90f3665eb1b1f2f022

SHA256
bb2ac1750273a51200964bff2dcae01d600490045bc8eef30d8980c7e44fcb2d

SHA512
0a8d533363ff5bc4c3ba0f739d23985042c8bc2bca699c644b27fb62ce6158cb2255fc6116decb991a29ca5b74134f132f7dc8934f55ae242149b8425836522f

Download Submit
memory/1236-102-0x00007FF6F2B80000-0x00007FF6F2ED4000-memory.dmp

Filesize
3.3MB

Download
memory/1236-37-0x00007FF6F2B80000-0x00007FF6F2ED4000-memory.dmp

Filesize
3.3MB

Download
memory/1236-140-0x00007FF6F2B80000-0x00007FF6F2ED4000-memory.dmp

Filesize
3.3MB

Download
memory/1448-76-0x00007FF66A740000-0x00007FF66AA94000-memory.dmp

Filesize
3.3MB

Download
memory/1448-146-0x00007FF66A740000-0x00007FF66AA94000-memory.dmp

Filesize
3.3MB

Download
memory/2436-134-0x00007FF6B1CE0000-0x00007FF6B2034000-memory.dmp

Filesize
3.3MB

Download
memory/2436-61-0x00007FF6B1CE0000-0x00007FF6B2034000-memory.dmp

Filesize
3.3MB

Download
memory/2436-144-0x00007FF6B1CE0000-0x00007FF6B2034000-memory.dmp

Filesize
3.3MB

Download
memory/2468-152-0x00007FF70C590000-0x00007FF70C8E4000-memory.dmp

Filesize
3.3MB

Download
memory/2468-126-0x00007FF70C590000-0x00007FF70C8E4000-memory.dmp

Filesize
3.3MB

Download
memory/2484-153-0x00007FF7D5150000-0x00007FF7D54A4000-memory.dmp

Filesize
3.3MB

Download
memory/2484-127-0x00007FF7D5150000-0x00007FF7D54A4000-memory.dmp

Filesize
3.3MB

Download
memory/2600-26-0x00007FF700720000-0x00007FF700A74000-memory.dmp

Filesize
3.3MB

Download
memory/2600-138-0x00007FF700720000-0x00007FF700A74000-memory.dmp

Filesize
3.3MB

Download
memory/3092-155-0x00007FF7955E0000-0x00007FF795934000-memory.dmp

Filesize
3.3MB

Download
memory/3092-133-0x00007FF7955E0000-0x00007FF795934000-memory.dmp

Filesize
3.3MB

Download
memory/3096-142-0x00007FF62EC00000-0x00007FF62EF54000-memory.dmp

Filesize
3.3MB

Download
memory/3096-50-0x00007FF62EC00000-0x00007FF62EF54000-memory.dmp

Filesize
3.3MB

Download
memory/3172-42-0x00007FF743B00000-0x00007FF743E54000-memory.dmp

Filesize
3.3MB

Download
memory/3172-141-0x00007FF743B00000-0x00007FF743E54000-memory.dmp

Filesize
3.3MB

Download
memory/3172-112-0x00007FF743B00000-0x00007FF743E54000-memory.dmp

Filesize
3.3MB

Download
memory/3396-89-0x00007FF7A3320000-0x00007FF7A3674000-memory.dmp

Filesize
3.3MB

Download
memory/3396-148-0x00007FF7A3320000-0x00007FF7A3674000-memory.dmp

Filesize
3.3MB

Download
memory/3484-95-0x00007FF668440000-0x00007FF668794000-memory.dmp

Filesize
3.3MB

Download
memory/3484-139-0x00007FF668440000-0x00007FF668794000-memory.dmp

Filesize
3.3MB

Download
memory/3484-30-0x00007FF668440000-0x00007FF668794000-memory.dmp

Filesize
3.3MB

Download
memory/3508-125-0x00007FF6080E0000-0x00007FF608434000-memory.dmp

Filesize
3.3MB

Download
memory/3508-151-0x00007FF6080E0000-0x00007FF608434000-memory.dmp

Filesize
3.3MB

Download
memory/3888-58-0x00007FF66E0B0000-0x00007FF66E404000-memory.dmp

Filesize
3.3MB

Download
memory/3888-143-0x00007FF66E0B0000-0x00007FF66E404000-memory.dmp

Filesize
3.3MB

Download
memory/4020-149-0x00007FF7057E0000-0x00007FF705B34000-memory.dmp

Filesize
3.3MB

Download
memory/4020-96-0x00007FF7057E0000-0x00007FF705B34000-memory.dmp

Filesize
3.3MB

Download
memory/4244-60-0x00007FF7916E0000-0x00007FF791A34000-memory.dmp

Filesize
3.3MB

Download
memory/4244-0-0x00007FF7916E0000-0x00007FF791A34000-memory.dmp

Filesize
3.3MB

Download
memory/4244-1-0x000001E671B10000-0x000001E671B20000-memory.dmp

Filesize
64KB

Download
memory/4360-69-0x00007FF6466D0000-0x00007FF646A24000-memory.dmp

Filesize
3.3MB

Download
memory/4360-145-0x00007FF6466D0000-0x00007FF646A24000-memory.dmp

Filesize
3.3MB

Download
memory/4488-136-0x00007FF641E00000-0x00007FF642154000-memory.dmp

Filesize
3.3MB

Download
memory/4488-14-0x00007FF641E00000-0x00007FF642154000-memory.dmp

Filesize
3.3MB

Download
memory/4488-75-0x00007FF641E00000-0x00007FF642154000-memory.dmp

Filesize
3.3MB

Download
memory/4568-137-0x00007FF632970000-0x00007FF632CC4000-memory.dmp

Filesize
3.3MB

Download
memory/4568-20-0x00007FF632970000-0x00007FF632CC4000-memory.dmp

Filesize
3.3MB

Download
memory/4568-81-0x00007FF632970000-0x00007FF632CC4000-memory.dmp

Filesize
3.3MB

Download
memory/4632-103-0x00007FF6EBB00000-0x00007FF6EBE54000-memory.dmp

Filesize
3.3MB

Download
memory/4632-150-0x00007FF6EBB00000-0x00007FF6EBE54000-memory.dmp

Filesize
3.3MB

Download
memory/4664-135-0x00007FF6B5EE0000-0x00007FF6B6234000-memory.dmp

Filesize
3.3MB

Download
memory/4664-8-0x00007FF6B5EE0000-0x00007FF6B6234000-memory.dmp

Filesize
3.3MB

Download
memory/4968-154-0x00007FF6094B0000-0x00007FF609804000-memory.dmp

Filesize
3.3MB

Download
memory/4968-129-0x00007FF6094B0000-0x00007FF609804000-memory.dmp

Filesize
3.3MB

Download
memory/5080-147-0x00007FF72EB20000-0x00007FF72EE74000-memory.dmp

Filesize
3.3MB

Download
memory/5080-83-0x00007FF72EB20000-0x00007FF72EE74000-memory.dmp

Filesize
3.3MB

Download